Mageia 2023-0126: python-cairosvg security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
MGASA-2023-0126 - Updated python-cairosvg packages fix security vulnerability

Publication date: 06 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0126.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-27586

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior
to version 2.7.0, Cairo can send requests to external hosts when
processing SVG files. A malicious actor could send a specially crafted SVG
file that allows them to perform a server-side request forgery or denial
of service. Version 2.7.0 disables CairoSVG's ability to access other
files online by default. (CVE-2023-27586)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31730
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/5HDBMOMLE6GFKXPLKIWFWM2Q6V4DQKXP/
- https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27586

SRPMS:
- 8/core/python-cairosvg-2.5.1-1.2.mga8

Mageia 2023-0126: python-cairosvg security update

CairoSVG is an SVG converter based on Cairo, a 2D graphics library

Summary

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default. (CVE-2023-27586)

References

- https://bugs.mageia.org/show_bug.cgi?id=31730

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/5HDBMOMLE6GFKXPLKIWFWM2Q6V4DQKXP/

- https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27586

Resolution

MGASA-2023-0126 - Updated python-cairosvg packages fix security vulnerability

SRPMS

- 8/core/python-cairosvg-2.5.1-1.2.mga8

Severity
Publication date: 06 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0126.html
Type: security
CVE: CVE-2023-27586

Related News

Kali Linux 2023.2 Released with 13 New Tools, Pre-Built HyperV Image

If You Use Linux - Watch Out for This Stealthy New Malware

Linux 6.3 Offers Improved Security and Functionality for Users

The Kubuntu Focus Ir14 Is an Upcoming Linux Laptop Worthy of Powering the KDE Plasma Desktop

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy